
Objectives for managing cyber supply chain risk

Marjorie Windelberg

International Journal of Critical Infrastructure Protection, 2016, vol. 12, issue C, 4-11

Abstract: Cyber-based products and services are acquired through supply chains that typically involve numerous suppliers of hardware, firmware and software components and services sourced globally. When acquisition objectives and their concomitant requirements are not rigorously defined and managed, the cyber-based products and services can pose operational risks to end user organizations and possibly to society if security, reliability and/or safety are compromised, especially in critical infrastructure sectors. However, there is some disagreement about the fundamental objectives of cyber supply chain risk management. Objectives such as trustworthiness, integrity, security and reliability are often noted as key, while safety and other objectives are often omitted. Divergent guidance further compounds the difficulties encountered by an acquiring organization in writing meaningful requirements or policies for managing supply chain risk – whether from products and services, or to the operation of the supply chain, or to sensitive supply chain information. This paper recommends a set of objectives for cyber supply chain risk management and examines the connotations of each objective with the intent to improve risk coverage. It then examines the tradeoffs among the various objectives that acquirers and suppliers make and the trust assumptions that can result in risk exposure. Awareness of the tradeoffs and the degree to which organizations value one objective over another helps clarify their risk tolerance or risk appetite and enables them to apply appropriate management controls.

Keywords: Risk management; Information and communications technology; Hardware; Firmware; Software; Operational technology; Supply chain; Acquisition requirements
Date: 2016
Citations: View citations in EconPapers (3)

Downloads: (external link)
http://www.sciencedirect.com/science/article/pii/S1874548215000785
Full text for ScienceDirect subscribers only

Persistent link: https://EconPapers.repec.org/RePEc:eee:ijocip:v:12:y:2016:i:c:p:4-11

DOI: 10.1016/j.ijcip.2015.11.003

International Journal of Critical Infrastructure Protection is currently edited by Leon Strous

More articles in International Journal of Critical Infrastructure Protection from Elsevier
Bibliographic data for series maintained by Catherine Liu.

 
Page updated 2025-03-19
Handle: RePEc:eee:ijocip:v:12:y:2016:i:c:p:4-11